(Natural News)
Cryptocurrency wallets were invented to allow those who owned cryptocurrencies, such as Bitcoin, to have an easy way to store and access them via hardware. For a long time, the makers of these devices marketed their products as tamper-proof and capable of keeping any and all of their contents safe. But as it turns out, they are so open to vulnerabilities that a 15-year-old self-taught programmer was able to put together a proof-of-concept that showed a number of ways in which they could be “attacked.”

In the case of the 15-year-old would-be hacker, the target was the Ledger Nano S, a hardware wallet designed by France-based Ledger, a company which liked to boast about the capabilities of their specialized hardware when it comes to storing cryptocurrencies. Through its marketing materials and press releases, the company stated numerous times that their reliance on “cryptographic attestation” allowed their devices to use digital signatures that were impossible to forge, thereby letting only authorized code to run on their products.

But the work of one U.K. teenager named Saleem Rashid has exposed it as nothing more than smoke and mirrors, as he posted the details of how their technology could be entered and used for nefarious purposes on his own personal blog. Rashid’s proof-of-concept code allowed him to enter the company’s $100 hardware wallet, called the Ledger Nano S, through a backdoor that gave him full access to it.

It is said that the backdoor code used by Rashid is only 300 bytes long, which isn’t much in terms of programming code, and causes the hardware wallet to generate pre-determined wallet addresses and recovery passwords that are privy to the attacker. With the passwords, the attacker could then use a new Ledger hardware wallet to recover private keys that are also used in the backdoored devices.

Get more news like this without being censored: Get the Natural News app for your mobile devices. Enjoy uncensored news, lab test results, videos, podcasts and more. Bypass all the unfair censorship by Google, Facebook, YouTube and Twitter. Get your daily news and videos directly from the source! Download here.

What’s worse, the same approach was shown to be effective for changing wallet destinations and payment amounts, so that any transactions like deposits go directly to an attacker’s account. Interestingly, the method used to break into the $100 hardware wallet also worked on the more expensive Ledger Blue, which costs $200 and is supposed to be a better hardware wallet.

According to Matt Green, a professor at Johns Hopkins University that specializes in encryption security, Ledger’s biggest problem is that the space that they’re working in may not really be all that conducive to something that’s supposed to be tamper-proof. “Ledger is trying to solve a fundamentally hard problem. They need to check the firmware running on a processor. But their secure chip can’t actually see the code running on that processor,” he explained. “So they have to ask the processor to supply its own code! Which is a catch-22, since that processor might not be running honest code, and so you can’t trust what it gives you.”

For its part, Ledger has openly addressed security concerns such as this one in the past, and will likely be issuing necessary software updates to try and minimize the impact of such vulnerabilities. Perhaps it will be up to those who still own cryptocurrencies to make sure that their hardware really works as advertised, instead of simply taking the word of companies like Ledger for it. And if not, to look for better alternatives.

Get alerted on heavy metals and pesticide test results for foods and supplements

Natural News is about to begin releasing lab test results for off-the-shelf food, supplement and pet food products, covering heavy metals, nutritive minerals, pesticides and herbicides. These details will be released exclusively to Natural News email newsletter subscribers (FREE) and will NOT be publicly posted on the website. To be alerted, join our free email newsletter now, and watch for lab test results in the weeks ahead.

Enter your email address below to subscribe to our email announcement list (but don't use gmail). Your privacy is protected and you can unsubscribe at any time. If you don't join our email list, you may never see our valuable content again via Facebook, Google or YouTube. CENSORSHIP has now reached EXTREME levels across the 'net. The truth is being suffocated. Subscribe now if you want to escape the delusional bubble of false reality being pushed by Google and Facebook.